- Samsung is giving away Freestyle projectors with this TV purchase - here's how to qualify
- The best iOS 26 features that will make updating your iPhone worthwhile
- Amazon is selling this 230-piece Craftsman toolset for just $99 ahead of Father's Day
- 7 browser features I can't live without that Chrome doesn't offer
- Save up to $400 on UltraGear OLED gaming monitors at LG
Expanding on ADHICS v2.0: A Closer Look at Healthcare Cybersecurity in the UAE
As digital transformation sweeps across the healthcare sector, there has never been more at stake. Healthcare data is worth a lot on the black market. Unlike financial data, which has a short shelf life (accounts can be frozen, and fraud alerts issued), medical records stay fresh for a long time.
They contain a host of personal information, like medical histories, insurance data, and payment information, which malefactors can use to steal identities, commit insurance fraud, or even create fake medical records.
Also, hospitals operate in a highly pressurised environment, where time is of the essence. Unlike other sectors, downtime is not just expensive; it can be deadly. A ransomware attack can delay treatment and surgeries, reroute ambulances, and even cost lives.
In 2024, healthcare was hit hardest by ransomware. It made up 23% of all cases handled by Kroll, a firm that helps after attacks. Around the world, about 400 healthcare groups were targeted. Despite this, only 28% of top hospitals in the UAE and the Kingdom of Saudi Arabia (KSA) have implemented the most secure DMARC setting (“reject”), meaning 72% are still not proactively blocking fraudulent emails from reaching users.
Microsoft reported that a ransomware incident can increase emergency department arrivals by 35%, more than double the number of confirmed strokes, and cause cardiac arrest cases to spike by 81%.
Introducing ADHICS v2.0
ADHICS v2.0 acknowledges this disconnect and aims to close the gap quickly.
In a move that positions Abu Dhabi as a regional leader in healthcare security, the Department of Health(DoH) has released the second version of the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS v2.0). This plan helps protect medical data and keep healthcare running without pause.
In an earlier blog, we looked at UAE cybersecurity standards and how ADHICS lays the groundwork for stronger healthcare in Abu Dhabi. Now, with further insights from industry experts and regulatory updates, we take a closer look at what ADHICS v2.0 truly means for healthcare providers, cybersecurity professionals, and policymakers in the UAE and beyond.
ADHICS v2.0 is specific to Abu Dhabi and does not automatically extend to the other six Emirates of the UAE. However, this doesn’t diminish its broader influence. Each Emirate is creating its own guidelines for the best practice of technical controls. Dubai’s DHA is mature in its approach, but the other five Emirates are likely to closely follow what DoH has produced in Abu Dhabi.
In this sense, ADHICS v2.0 serves as a regulatory mandate and a forward-looking framework that other Emirates, and even other nations, can look to as a template. It’s about more than compliance and aims to drive a culture of security within a sector that is highly sensitive and critically essential.
Compliance Requirements: Six Pillars for Secure Healthcare
At the core of ADHICS v2.0 are six pillars: Governance, Resilience, Capabilities, Partnerships, Maturity, and Innovation. These are not only guiding principles, they are measurable, actionable domains that demand alignment across people, processes, and technologies.
To comply, healthcare facilities must:
- Institute robust technical controls such as encryption, multi-factor authentication, and network monitoring.
- Put in place an organized incident response plan to minimize service disruption.
- Hold risk assessments to pinpoint and address vulnerabilities before they turn into full-blown events.
- Implement compliance monitoring mechanisms to ensure adherence and avoid penalties.
- Build cybersecurity awareness across the workforce through continuous training.
Critically, no single pillar outweighs the others. Governance without resilience is hollow, and innovation without maturity can introduce new risks. ADHICS v2.0 demands an integrated approach; one that embeds cybersecurity into the fabric of healthcare operations.
Regional Cybersecurity Trends: A GCC-Wide Awakening
The UAE is not alone in its efforts. Governments across the GCC are working quickly to protect key systems. Saudi Arabia, for one, treats cybersecurity as a top issue, and banks in the region join yearly drills to find weak spots and strengthen their defenses.
While the specifics may differ, the regional trend is apparent. Cybersecurity is now a shared responsibility between the public and private sectors. Healthcare, given its societal importance, sits at the vanguard of this movement.
The increasingly aggressive adversarial landscape has driven interest in shoring up cybersecurity. Every hospital and clinic has to comply with the ADHICS standard, which drives best practice for a robust security posture, incorporating the appropriate technical controls.
The strategic implication is significant. As more GCC nations formalize their standards, we may see cross-border frameworks or regional alliances emerge that are designed to address healthcare cybersecurity collectively.
Stay ahead of the latest in GCC cybersecurity trends shaping healthcare and beyond.
Contact us to learn how we can support your security journey.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Fortra.
